CVE-2015-7331 - The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbi

CVE-2015-7331

Summary

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.

References

http://www.securityfocus.com/bid/92432
https://puppet.com/security/cve/cve-2015-7331

Vulnerable Configurations

cpe:2.3:a:puppetlabs:mcollective-puppet-agent:*:*:*:*:*:puppet:*:*
cpe:2.3:a:puppetlabs:mcollective-puppet-agent:*:*:*:*:*:puppet:*:*

CVSS

Base:	4.9 (as of 24-02-2017 - 18:35)
Impact:
Exploitability:

CWE

CWE-254

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:N

refmap via4

bid	92432
confirm	https://puppet.com/security/cve/cve-2015-7331

Last major update

24-02-2017 - 18:35

Published

30-01-2017 - 22:59

Last modified

24-02-2017 - 18:35